The Version 6 CLI: Getting Started
By mcraig on Mar 05, 2007
In the entry on Directory Service Control Center: Getting Started, I showed you how to use Directory Service Control Center to create a first instance of Directory Server. This entry demonstrates how to create an instance on the command line.
Directory Server Enterprise Edition 6.0 brings you a powerful, high-level command line for both Directory Server and Directory Proxy Server. Although you may still want to use the ldapmodify command to update some configuration parameters, you rarely have to do so.
Instead, you have two similarly named commands for each server. For Directory Server, you have dsadm and dsconf. For Directory Proxy Server, dpadm and dpconf. Why two separate commands for each server? Because you administer a server process locally, but you can configure a running server process remotely. The dsadm and dpadm commands administer local servers at the system level (create an instance, start/stop, etc.). The dsconf and dpconf commands configure servers over LDAP (managing replication, creating new indexes, adjusting log levels, etc.).
When setting up Directory Server by hand, the first command you use after installing Directory Server is no doubt dsadm create. This command creates a Directory Server instance in a directory you specify, meaning that the command creates the basic configuration files you need to start a Directory Server process that can respond to LDAP requests. For example, you can create your new server under /local/ds with the default ports by using the following command.

    $ dsadm create /local/ds
    Choose the Directory Manager password:
    Confirm the Directory Manager password:
    Use 'dsadm start /local/ds' to start the instance

So far so good. If you list the files under /local/ds, you find everything you need to run a Directory Server process, though the database directory is completely empty. After all, there is no directory data to store, yet.
The next command to use is just what the first command suggested: dsadm start /local/ds. This command starts the Directory Server process with the configuration information under

    $ dsadm start /local/ds
    Server started: pid=2845

Notice you do not see the port numbers in the output. How do you know where to contact the server over LDAP? When you create the server as root, you can directly manage ports less than 1024, so the server is created to listen for LDAP connections on the standard ports. That is, 389 for LDAP and 636 for LDAP secured with SSL. If you are a normal, non-root user, as in this example, just add 1000 to the standard port numbers. So our default port numbers in this example are 1389 for LDAP, 1636 for LDAP secured with SSL.
A server that has no data to serve is useless. So add some sample data. Directory Server ships with ready-made sample data in LDIF,
install-path depends on how you installed the software. If you installed using the Java ES installer, /opt/SUNWdsee on Solaris systems, /opt/sun on Red Hat and HP-UX systems, C:\Program Files\Sun\JavaES5\DSEE on Windows systems. If you have been following along on the command line up to this point, then you found it already in order to get to
The following commands create a suffix, officially known as a naming context and to be understood as a directory data container, to hold sample data, and then import sample data online. (When you are ready to attack performance tuning, you can build your own sample data with the

    $ dsconf create-suffix -h localhost -p 1389 dc=example,dc=com
    Certificate "CN=hostname, CN=1636, CN=Directory Server, O=Sun Microsystems" presented by the server is not trusted.
    Type "Y" to accept, "y" to accept just once, "n" to refuse, "d" for more details: Y
    Enter "cn=Directory Manager" password:
    $ dsconf import -h localhost -p 1389 install-path/ds6/ldif/Example.ldif dc=example,dc=com
    Enter "cn=Directory Manager" password:
    New data will override existing data of the suffix "dc=example,dc=com".
    Initialization will have to be performed on replicated suffixes.
    Do you want to continue [y/n] ? y
    ## Index buffering enabled with bucket size 40
    ## Beginning import job...
    ## Processing file "install-path/ds6/ldif/Example.ldif"
    ## Finished scanning file "install-path/ds6/ldif/Example.ldif" (160 entries)
    ## Workers finished; cleaning up...
    ## Workers cleaned up.
    ## Cleaning up producer thread...
    ## Indexing complete.
    ## Starting numsubordinates attribute generation. This may take a while, please wait for further activity reports.
    ## Numsubordinates attribute generation complete. Flushing caches...
    ## Closing files...
    ## Import complete. Processed 160 entries in 4 seconds. (40.00 entries/sec)
    Task completed (slapd exit code: 0).

Notice that the new server comes with a default, self-signed SSL certificate, so you can do secure communication for configuration out of the box. You will probably want to do production SSL authentication with a certificate from your certificate authority, but the self-signed cert is handy when you are starting out.
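
Before answering "Y" (accept, rather than "y" for just once) at the trust prompt, you can compare the presented certificate's fingerprint with one noted on the server host. The shell sketch below is an added example, not part of the original entry: it assumes the openssl command is installed, and the function names and the throwaway sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect a server certificate before trusting it for good.

# Fetch the certificate presented on an LDAPS port and print it as PEM.
# Needs a running server, so the offline demo below does not call it.
fetch_cert() {   # fetch_cert HOST PORT
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null | openssl x509
}

# SHA-256 fingerprint of a PEM certificate file, colon-separated hex.
cert_fingerprint() {   # cert_fingerprint FILE
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# True when subject and issuer are the same name (self-issued), as with the
# default certificate of a new instance.
is_self_issued() {   # is_self_issued FILE
    s=$(openssl x509 -in "$1" -noout -subject_hash) || return 1
    i=$(openssl x509 -in "$1" -noout -issuer_hash) || return 1
    [ "$s" = "$i" ]
}

# True only when the certificate has the expected fingerprint
# (hex compared case-insensitively).
pin_matches() {   # pin_matches FILE EXPECTED_FINGERPRINT
    got=$(cert_fingerprint "$1" | tr 'a-f' 'A-F')
    want=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Constructed sample: a throwaway self-signed certificate with the subject
# shown in the prompt above, standing in for the one the server presents.
make_sample_cert() {   # make_sample_cert DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Sun Microsystems/CN=Directory Server/CN=1636/CN=hostname" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_cert "$tmp"
trusted=$(cert_fingerprint "$tmp/cert.pem")   # value noted on the server host
if is_self_issued "$tmp/cert.pem" && pin_matches "$tmp/cert.pem" "$trusted"; then
    echo "self-issued certificate, fingerprint matches the noted value"
else
    echo "fingerprint mismatch: answer n and investigate"
fi
rm -rf "$tmp"
```

Against a live instance, save the output of fetch_cert localhost 1636 to a file and pass that file to pin_matches together with the fingerprint you noted on the server.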
Notice also that you have switched to using the dsconf command at this point. With a running server, you can start doing commands over LDAP. You could therefore also be running the dsconf command from another system if you so desired, though the LDIF to import would still have to be accessible on the file system of the host running the server.
Now you have your server running, complete with sample data under dc=example,dc=com, listening on ports 1389 and 1636. Take a look at Babs Jensen's entry to make sure.

    $ ldapsearch -h localhost -p 1389 -b dc=example,dc=com "(uid=bjensen)"
    version: 1
    dn: uid=bjensen, ou=People, dc=example,dc=com
    cn: Barbara Jensen
    cn: Babs Jensen
    sn: Jensen
    givenName: Barbara
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    ou: Product Development
    ou: People
    l: Cupertino
    uid: bjensen
    mail: email@example.com
    telephoneNumber: +1 408 555 1862
    facsimileTelephoneNumber: +1 408 555 1992
    roomNumber: 0209

Setting up Directory Proxy Server is quite similar to setting up Directory Server. You will find the basics right in the Installation chapter of the Installation Guide.